A new and sophisticated web-based bot named SpyEye has appeared on the market and, because of its feature set, looks like a possible successor to the famous Zeus Trojan. Its main objective is to steal bank accounts, credit cards, FTP accounts and other sensitive data from the victim's computer.

SpyEye was written in C++ and the compiled binary is 60 KB in size. It supports operating systems from Windows 2000 to the recent Windows 7 and works in ring3 mode (the same as the Zeus Trojan). It is sold as undetected by most antivirus software, and it is invisible to task managers and other user-mode applications. It hides its files from regular Explorer searches and also hides its registry keys.

SpyEye is currently sold by its author for approximately $500 USD for a base bundle. That is cheaper than the Zeus Trojan, which sells for more than $1,000 USD, yet SpyEye appears to meet all the requirements of the famous Zeus Trojan, if not more.

The features of SpyEye (v1.0.75) are:

CC Autofill

A module that automates the process by which the bot's owners get money from the stolen credit cards, using GeoIP location.

Formgrabber with built-in keylogger

Used to capture specific data entered in a web form. It is mostly used to steal bank account and credit card details when the user needs to enter them on legitimate websites to buy something. The formgrabber works in the most widely used web browsers, such as Firefox, Internet Explorer, Maxthon and Netscape.

Protocol of logs-receiving has changed.
LZO-compression was added.
Logs are not flying to a PHP-script now. They fly to the server's port, which is listened on by SpyEye Collector. It accepts connections, reads logs from them, and another thread, by queue, dumps accepted logs into the MySQL DB. This scheme will be very nice for high botnets.
PHP-CP of formgrabber, now, is needed only for logs parsing.
So, it is very difficult to create an abuse-report for such a server with SpyEye Collector.

It is clear that this bot has the same objective as the Zeus Trojan. Its features also show that it is a very powerful bot that can make life even more dangerous for regular Internet users and add to the already serious problem of data theft and Internet fraud.